Publications - EnableSecurity

Papers
- Surf Jacking “HTTPS will not save you”
  
  Attackers exploiting this vulnerability are able to hijack an HTTP session even when the victim and the attacker’s connection is encrypted using SSL or TLS.
- The Extended HTML Form Attack Revisited
  
  A generic security flaw which affects various web browsers such as Internet Explorer, Opera and Safari. This vulnerability allows attackers to launch Cross Site Scripting attacks by making use of non-HTTP protocols. This means that even when a web applica
Tutorials
- How to set up a VoIP lab (on a shoe string)
  
  Easy step-by-step instructions on how to get a VoIP lab up and running.
- How to exploit the SIP Digest Leak vulnerability
  
  Runs you though setting up phones to actually forcing them to leak out the digest and cracking the password.
Articles
- Storming SIP Security
  
  An article published in the 02/08 issue of Hakin9. Why IP Phone Systems are the new target. How VoIP systems can be broken into or simply abused for Toll Fraud. What you can do to prevent this.
- When best intentions go wrong
  
  Debian OpenSSL vulnerability and how it affects the solutions that we (security professionals) recommend. Published on (IN)Secure Magazine.
- Closing a can of worms
  
  Tackling the assumption that network traffic cannot be intercepted or modified during transit. Published on (IN)Secure Magazine.
- How security can hurt us
  
  The more you spend on security does not necessarily equal more security. Published on (IN)Secure Magazine

EnableSecurity

Papers

Tutorials

Articles